Browsers typically enable users to interact with and experience many different types of content, usually over a computer network, and often in a visual or graphical manner. For example, users may install one or more internet browsers on a local computing device, and may thereafter utilize the internet browser to access content and/or functionality provided by a remote computing device.
Many browser applications provide a user with an ability to customize or personalize an appearance or functionality of the browser application in a manner desired by the user. In this way, the user may be more likely to enjoy, or benefit from, a use of the browser application. In particular, many browser applications support the use of discrete programs or files which are designed to provide a specific addition and/or alteration of one or more functionalities of an associated browser application. Such programs may be referred to using various, well-known terminologies, such as, for example, extensions, add-ons, or web apps (or just apps).
As referenced above, such programs generally operate to provide some additional, specific functionality for a user's local browser application. For example, such programs may cause an icon, image, or other content to be available within the context of the browser application, which would not normally be available to the user in that context. In such examples, such extension programs merely supplement already-present features and functionalities of the browser application.
In some cases, however, such extension programs may utilize a content script or other executable code which is designed to interact with content that is being remotely accessed by the browser application for loading and rendering thereof. For example, in the case where the browser application accesses a remote webpage over the internet, such content script or other executable code associated with an extension program may be configured to interact with (e.g., read or make changes to) the webpage itself. Content scripts are JavaScript files that run in the context of web pages. By using the standard Document Object Model (DOM), content scripts can read details of a webpage that a web browser visits, or make changes to webpages. Web browser extensions with content scripts are often designed to inject into every page that a user browses to, as a way of adding a general functionality to the browser. For example, browser extensions may apply a spellchecker, an address finder, or any generic functionality that could apply to any webpage.
In some cases, such interactions between content scripts and webpages may pose a security risk, such as when the interactions enable the webpage or the content script to access confidential or other privileged data of the user that may be stored on the local computing device of the user, or that the user enters into the web browser when visiting a webpage, for example. As a result, the use of extension programs utilizing such content scripts or other similar types of executable code may have undesirable results for users. Another potential security issue with extensions that use content scripts is that a user has to trust each extension with access to all webpages that the user visits.
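An added example, not part of the original text: a JavaScript check that reads an extension's manifest and reports which content scripts are declared for every host, the case described above in which the user must trust the extension with all pages visited. It assumes Chrome-style `content_scripts` match patterns; the manifest, file names and the function names `classifyPattern` and `auditContentScripts` are constructed for illustration.

```javascript
// Added example: audit an extension manifest for content scripts that are
// injected into every page. Assumes Chrome-style match patterns
// (<scheme>://<host>/<path>, or the special value "<all_urls>").

// Scopes ordered from narrowest to widest.
const SCOPE_ORDER = ["invalid", "single-host", "domain-and-subdomains",
                     "local-files", "all-hosts"];

// Classify how much of the web one match pattern covers.
function classifyPattern(pattern) {
  if (pattern === "<all_urls>") return "all-hosts";
  const m = /^(\*|https?|file|ftp):\/\/([^/]*)(\/.*)$/.exec(pattern);
  if (!m) return "invalid";
  const [, scheme, host] = m;
  if (scheme === "file") return "local-files";
  if (host === "*") return "all-hosts";              // wildcard host
  if (host.startsWith("*.")) return "domain-and-subdomains";
  return "single-host";
}

// Return one finding per content_scripts entry with its widest scope.
function auditContentScripts(manifest) {
  return (manifest.content_scripts || []).map((entry, index) => {
    const widest = (entry.matches || [])
      .map(classifyPattern)
      .reduce((a, b) =>
        SCOPE_ORDER.indexOf(b) > SCOPE_ORDER.indexOf(a) ? b : a, "invalid");
    return {
      index,
      files: entry.js || [],
      widest,
      allFrames: entry.all_frames === true,          // also runs in iframes
      needsFullTrust: widest === "all-hosts",
    };
  });
}

// Constructed sample manifest: a generic spellchecker injected everywhere
// and a helper limited to one site.
const sampleManifest = {
  name: "Sample extension (constructed)",
  content_scripts: [
    { matches: ["*://*/*"], js: ["spellcheck.js"], all_frames: true },
    { matches: ["https://mail.example.com/*"], js: ["address-finder.js"] },
  ],
};

for (const f of auditContentScripts(sampleManifest)) {
  console.log(`${f.files.join(", ")}: ${f.widest}` +
              (f.needsFullTrust ? " (reads every page the user visits)" : ""));
}
```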